I need to come up with some solutions for remotely monitoring the security of a server which is off-site. There is no direct connection from the main office to this box except using the internet backbone.
I see two immediate issues:

1. I need to set up some method for receiving system logs from the server. I can set up syslog to send logs to one of our office computers. However, I am concerned that the logs should be encrypted. Maybe setting up IPsec, or using stunnel? Although I thought stunnel was only for TCP connections and syslog uses UDP?

2. Also, I need to set up some intrusion detection system like AIDE or Tripwire. I don't have physical access to the machine, so how can I be sure that the AIDE program has not itself been compromised and is thus giving me a false sense of security? I can't, for example, burn it to CD-ROM and run it from CD. Everything has to be done remotely. Should I look at LIDS instead? Can IPsec help me with this too? How can I run the AIDE executable from a trusted source and ensure its database remains trusted? Maybe an encrypted filesystem can be used to store the AIDE binary and database, but if so, does anyone have any pointers?

Regards,
Mark
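The second question above (how to trust an integrity database that lives on a host you cannot physically reach) is easier to reason about with a small worked model of what AIDE and Tripwire do. The example below is added here and is not AIDE's or Tripwire's code; it is a toy integrity checker that hashes a file tree, records the metadata such tools track, and seals the baseline with an HMAC under a key that is meant to stay at the office rather than on the monitored box. The key value, the directory tree and the file contents are all constructed for the demonstration.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile

# Placeholder key for the demonstration. In practice the key lives on the
# office side only, so a tampered database cannot be re-sealed on the server.
SECRET_KEY = b"office-side-secret-example-key"


def file_record(path):
    """Hash a file's contents and collect the metadata AIDE-style tools watch."""
    st = os.lstat(path)
    h = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "mode": oct(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def build_baseline(root):
    """Walk the tree in a deterministic order and record every regular file."""
    records = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            records[rel] = file_record(full)
    return records


def seal(records, key):
    """Serialise the baseline and attach an HMAC so edits to it are detectable."""
    body = json.dumps(records, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"records": records, "hmac": tag}, sort_keys=True)


def unseal(blob, key):
    """Verify the HMAC before trusting any record in the stored baseline."""
    doc = json.loads(blob)
    body = json.dumps(doc["records"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline HMAC mismatch: database altered or wrong key")
    return doc["records"]


def compare(baseline, current):
    """Report files that appeared, vanished, or changed since the baseline."""
    changes = {"added": [], "removed": [], "modified": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            changes["added"].append(rel)
        elif rel not in current:
            changes["removed"].append(rel)
        elif baseline[rel] != current[rel]:
            changes["modified"].append(rel)
    return changes


def demo():
    """Build a constructed tree, seal a baseline, then detect file and DB tampering."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(root, "etc", "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        sealed = seal(build_baseline(root), SECRET_KEY)

        # Constructed changes: one file edited, one new file created.
        with open(os.path.join(root, "etc", "passwd"), "a") as f:
            f.write("extra:x:1001:1001::/home/extra:/bin/sh\n")
        with open(os.path.join(root, "etc", "new-file"), "w") as f:
            f.write("unexpected\n")
        report = compare(unseal(sealed, SECRET_KEY), build_baseline(root))

        # Constructed database tampering: rewrite a stored hash without the key.
        doc = json.loads(sealed)
        doc["records"]["etc/passwd"]["sha256"] = "0" * 64
        try:
            unseal(json.dumps(doc, sort_keys=True), SECRET_KEY)
            db_tamper_detected = False
        except ValueError:
            db_tamper_detected = True
        return report, db_tamper_detected


if __name__ == "__main__":
    print(demo())
```

The HMAC answers only the "has the database been edited" part of the question: it lets the office detect a baseline that was rewritten on the server, provided the key never touches that host. It does nothing about the caveat raised above, namely a compromised checker binary or kernel on the remote machine, which can still report whatever it likes; that is why a practitioner pulls the baseline back to the office after each run and compares there, rather than trusting a verdict produced on the monitored box.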